Re: [zones-discuss] reviews for 6933462 onu should support zones

[Liane Praza]

On 03/ 9/10 03:53 PM, Edward Pilatowicz wrote:

On Tue, Mar 09, 2010 at 11:12:21PM +, John Levon wrote:


Please can I get people to take a look at:

http://cr.opensolaris.org/~johnlev/onu-zones/



This looks reasonable to me.  Thank you very much for tackling it.  As a
sanity check, this probably would stay (modulo changing the messaging)
even once upgrade-on-attach works for systems without entire, right?  It
seems like it would be a useful developer convenience?



BTW Ed was asking why the full refresh was needed - anyone?



that's not entirely true.  ;)

the full refresh is needed because we may not have the latest
catalogs for all the configured publishers.

what i tried to ask was: why don't the other set-publisher
operations use the --no-refresh option.  afaik, by default a
set-publisher operation will cause us to refresh the cached publisher
data, which we're going to cache anyway when we do the refresh
--full.


Prior to integration, we couldn't require a recent enough version of pkg 
to count on this behaviour.  I think we do now, and this sounds like 
it'd speed things up a little.


liane
___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] [smf-discuss] recommended dependency for non-system services? 6725004 - installing single-user-mode patches automatically

[Liane Praza]

Nils Goroll wrote:
 Hi JOrdan,
 
 Jordan Brown wrote:
 I suggest to introduce an additional milestone (e.g. milestone/ready) 
 with optional dependencies on all system services, roughly matching 
 the time when rc3 is run.
   [...]
 I believe that the point you describe pretty much corresponds to 
 milestone/multi-user.
 
 Agree, I should have thought twice.
 
 But what about the idea of making a dependency to multi-user obligatory for 
 non-system apps?

A few problems:

1) The ship has sailed.  There are plenty of apps out there which don´t 
have that dependency and we cannot retroactively make requirements of 
them.  The solution would fail in the face of that.

2) We want applications to declare accurate dependencies when possible 
to increase boot performance (especially on multi-core systems), and 
fault handling.  This would be a step in the opposite direction -- I 
recommend a milestone dependency when a service author needs either an 
expedient solution or they don´t understand the application´s 
dependencies.  But, it isn´t preferred.

And again, none of this is a concern with IPS, so I don´t want to 
enforce user-visible changes now for a solution that has a guaranteed 
limited shelf-life.  Jordan has explored some solutions which do not 
require changing administrator or service author behaviour, and those 
are far preferable.

liane
___
zones-discuss mailing list
zones-discuss@opensolaris.org

Re: [zones-discuss] [smf-discuss] 6725004 - installing single-user-mode patches automatically

[Liane Praza]

I believe the original concern about making system/filesystem/local part 
of single-user was that it changes the definition of single-user.  The 
zones team was involved in that discussion, and I've just tried to 
re-involve them in the resolution discussions.  (And have cc'ed them 
here.  Apologies for the crosspost.)  It may just be morning, but I'm 
currently having a hard time finding that argument too compelling on its 
own -- it seems there must have been something more specific.

Creating a patch milestone has previously been my preferred direction 
(as it requires actual definition and design of what the patching 
frameworks need, rather than just hoping that single user is 
appropriate), but I'm no longer certain this is a sensible investment, 
as my understanding of IPS is that they're sticking to their guns and 
there will be no live patching of the OS that leads us to these types of 
scenarios.  Thankfully.

Given that, I wonder if a different option is to confirm that 
system/filesystem/local is idempotent (and not already running), and 
then have patchadd just run its method directly.  It leaves a bad taste 
in my mouth, but then again so does the fact that we've got two 
different patching systems which require the system to be in different 
states when they run.

But, again, I think the zones team explored many of these options in the 
first round and would like to make sure they have a chance to weigh in.

liane  (in theory, on vacation today.)

Renaud Manus wrote:
 A solution could be to move system/filesystem/local in the single-user
 milestone.
 
 -- Renaud
 
 Jordan Brown wrote:
 Could some SMFers please weigh in on 6725004 and give some opinions on 
 how best to address it?

 Here's a summary of the problem:

 Sun Update Connection Enterprise attempts to install single-user 
 patches using an rcS.d script.  This has historically been a problem, 
 since zone roots may not have been mounted yet.  Patchadd was recently 
 changed to partially work around this problem, by enabling 
 system/filesystem/local, but when that mechanism is triggered from an 
 rcS.d script (or, presumably, from a service on which 
 milestone/single-user depends), it yields a deadlock - 
 system/filesystem/local can't be run, because milestone/single-user 
 hasn't been reached.  (This is, I believe, in addition to the technical 
 issues surrounding performing SMF operations from an rcS.d script.)

 I believe that the most truly correct way to address this problem is to 
 have a deferred patching service that depends on 
 system/filesystem/local, and on which all other later services depend. 
 However, I think the only way to implement such a service would be to 
 modify the dependencies of those later services, and that seems awkward. 
   (One could also rename system/filesystem/local, retain the original 
 name as something of a milestone, and insert the deferred patching 
 service as a new service between the renamed s/f/l and the original 
 s/f/l, but that  seems quite ugly.)
 ___
___
zones-discuss mailing list
zones-discuss@opensolaris.org